Twhidden Bitwarden
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: twhidden-bitwarden
Version: 1.0.5

The OpenClaw Bitwarden skill is benign. It provides a wrapper for the Bitwarden CLI, enabling password management functionality such as login, registration, and CRUD operations on vault items. The `bw.sh` script explicitly implements safe credential loading to prevent shell injection from configuration files, uses `chmod 600` for session tokens, and clearly documents all external communication with the user-configured Bitwarden server. While the `do_register` function in `bw.sh` involves complex cryptographic operations implemented in bash using `openssl`, it serves the stated purpose of account registration and shows no signs of malicious intent or unauthorized data exfiltration. No prompt injection attempts against the agent were found in `SKILL.md` or `README.md`.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If installed without strict tool policy, the agent may be able to read or store credentials from your vault during tasks without a separate human approval step.
The skill explicitly allows autonomous agent use for password retrieval and storage, which gives the agent direct access to highly sensitive account credentials.
This skill can be invoked autonomously by your OpenClaw agent when it needs to:
- Store credentials securely
- Retrieve passwords for automation tasks
- Generate secure passwords
Use a dedicated Bitwarden/Vaultwarden account or collection with limited secrets, and require manual approval for password retrieval, creation, editing, and deletion.
A mistaken or overbroad agent action could modify or delete password vault entries.
The script exposes direct edit and delete operations against vault items after obtaining a session, with no confirmation or built-in guardrail in the skill.
```bash
edit)
    ensure_session
    echo "$2" | bw encode | bw edit item "$1"
    ;;
delete)
    ensure_session
    bw delete item "$1"
```

Configure OpenClaw tool policy to require approval for mutation commands, especially create, create-json, edit, delete, register, login, and logout.
Your Bitwarden master password could be exposed locally outside the intended OpenClaw process boundary on shared or monitored systems.
The master password is supplied to a child process as a command-line argument; on some systems, command-line arguments can be visible to other local users or process-monitoring tools.
```bash
session=$(bw login "$BW_EMAIL" "$BW_MASTER_PASSWORD" --raw 2>/dev/null)
```
Prefer safer credential handling where possible, such as stdin-based unlock flows or a dedicated limited-access vault account, and avoid using this on shared machines.
If BW_SERVER is accidentally set to an HTTP or otherwise unsafe endpoint, sensitive authentication material could be transmitted without the protection the documentation implies.
The documentation says all communication uses HTTPS/TLS, but the script accepts any user-provided BW_SERVER value and does not enforce an https:// URL before sending registration data or configuring the Bitwarden CLI.
**What leaves your machine:**
- Authentication requests (email, master password) to your configured Bitwarden server
- Encrypted vault data (create/read/update/delete operations)
- All communication uses HTTPS/TLS
Only configure trusted HTTPS Bitwarden/Vaultwarden URLs; the skill should ideally validate BW_SERVER and refuse non-HTTPS endpoints unless the user explicitly opts in.
A local compromise or misconfiguration could expose a live vault session token.
The skill caches a reusable Bitwarden session token on disk. This is disclosed and permissioned to 600, but it persists beyond a single command until lock/logout or expiry.
```bash
SESSION_FILE="/tmp/.bw_session"
...
echo "$session" > "$SESSION_FILE"
chmod 600 "$SESSION_FILE"
```
Run `bw.sh lock` or `bw.sh logout` when done, avoid shared systems, and consider isolating OpenClaw’s workspace and runtime user account.
Some commands, especially registration, may fail or behave unexpectedly if these tools are absent or incompatible.
The script depends on additional local tools beyond the registry’s required binaries list, so environment validation may not catch every missing dependency before use.
```bash
# Dependencies: bash, openssl (3.x+), curl, bw CLI, xxd, grep, base64
```
Verify the installed local tools before use, and prefer a pinned, reviewed Bitwarden CLI installation.
